Aug 16 2021 02:33 PM
We're using Sensitivity Labels to classify content in our organization. We'd like to have Exchange automatically block the sharing of content with certain labels, except if the recipient's domain is in a list of approved domains.
We've set up a mail flow rule that addresses this properly when the label is applied directly to the email itself (i.e., a message header includes ... msip_labels ... MSIP_Label_xxx_Enabled=true). However, this rule is not triggered when only an attachment has the sensitivity label applied to it.
As I see it, we can either (a) set up parallel mail flow rules, one for email headers and one for attachments, or (b) ensure that an attachment's label gets applied to the email itself. Since (a) carries the additional burden of maintaining two parallel lists of authorized domains (one per rule), it seems that it would be preferable to have Outlook (or the AIP Client?) automatically apply an email attachment's label to the email itself. (Note that it could very well just be a default / suggested label with user override -- this is intended only to minimize the odds of careless disclosures, not stop a determined malicious insider.)
Our label policy has the "default email label" set to "same as document", but that's not resulting in emails being automatically classified with the attachment's label. The only documentation I could find on this topic referred to "auto-labeling policies", which don't work in our case since they don't support a condition like "an attachment has a sensitivity label of X" (they would work for something like "the email contains credit card numbers" or "an attachment cannot be scanned").
Is this type of automatic classification possible? If so, could anyone point me to instructions for setting it up? Thank you in advance.
Nov 16 2021 02:55 PM
@plu-gps
Did you get to the bottom of this in the end or work out why it was not setting? If so please share your findings
thanks
Nov 17 2021 09:01 AM
Unfortunately, I never did figure out if it was supposed to work or why it wasn't working. I might take another shot at it early next year.
Oct 10 2022 10:04 AM
Jan 16 2023 01:44 AM - edited Jan 16 2023 01:45 AM
There is a update on the Roadmap. That will help with your question I think
https://www.microsoft.com/en-ww/microsoft-365/roadmap?filters=&searchterms=100158
Feb 22 2023 04:52 PM